gitlab-org--gitlab-foss/spec/features/security/profile_access_spec.rb

require 'spec_helper'

describe "Users Security", feature: true  do
  describe "Project" do
    before do
      @u1 = create(:user)
    end

    describe "GET /login" do
      it { new_user_session_path.should_not be_404_for :visitor }
    end

    describe "GET /profile/keys" do
      subject { profile_keys_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile" do
      subject { profile_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile/account" do
      subject { profile_account_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile/design" do
      subject { design_profile_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile/history" do
      subject { history_profile_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile/notifications" do
      subject { profile_notifications_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end

    describe "GET /profile/groups" do
      subject { profile_groups_path }

      it { should be_allowed_for @u1 }
      it { should be_allowed_for :admin }
      it { should be_allowed_for :user }
      it { should be_denied_for :visitor }
    end
  end
end
init commit 2011-10-08 17:36:38 -04:00			`require 'spec_helper'`

Split feature tests out to different build job 2014-04-12 04:56:37 -04:00			`describe "Users Security", feature: true do`
init commit 2011-10-08 17:36:38 -04:00			`describe "Project" do`
clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`before do`
Remove backward compatibility of factories. 2012-11-05 22:31:55 -05:00			`@u1 = create(:user)`
init commit 2011-10-08 17:36:38 -04:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`describe "GET /login" do`
security improved 2011-10-17 06:39:03 -04:00			`it { new_user_session_path.should_not be_404_for :visitor }`
init commit 2011-10-08 17:36:38 -04:00			`end`

Fix profile emails with new key route 2013-06-24 12:24:27 -04:00			`describe "GET /profile/keys" do`
			`subject { profile_keys_path }`
Clean up request specs 2012-08-25 13:43:55 -04:00
			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
init commit 2011-10-08 17:36:38 -04:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`describe "GET /profile" do`
Clean up request specs 2012-08-25 13:43:55 -04:00			`subject { profile_path }`

			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
init commit 2011-10-08 17:36:38 -04:00			`end`

Refactored profile area 2012-09-14 12:13:25 -04:00			`describe "GET /profile/account" do`
Fix profile specs 2013-10-09 12:03:09 -04:00			`subject { profile_account_path }`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00
			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
			`end`

			`describe "GET /profile/design" do`
			`subject { design_profile_path }`
Clean up request specs 2012-08-25 13:43:55 -04:00
			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
init commit 2011-10-08 17:36:38 -04:00			`end`
Extend profile security specs 2013-09-25 07:05:03 -04:00
			`describe "GET /profile/history" do`
			`subject { history_profile_path }`

			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
			`end`

			`describe "GET /profile/notifications" do`
			`subject { profile_notifications_path }`

			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
			`end`

			`describe "GET /profile/groups" do`
			`subject { profile_groups_path }`

			`it { should be_allowed_for @u1 }`
			`it { should be_allowed_for :admin }`
			`it { should be_allowed_for :user }`
			`it { should be_denied_for :visitor }`
			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`
			`end`